from the tinfoil-hat dept

As Techdirt reported last year, one of the most bizarre episodes in the unfolding story of the Snowden leaks was when two experts from the UK's GCHQ oversaw the destruction of the Guardian's computers that held material provided by Snowden. As everyone -- including the Guardian's editor Alan Rusbridger -- pointed out, this was a particularly pointless act since copies of the documents were held elsewhere, outside the UK. The only possible explanation seemed to be that the UK government was trying to put the frighteners on the Guardian, and engaged in this piece of theater to ram the point home. But a fascinating blog post from Privacy International raises the possibility that there is another far more disturbing explanation:

GCHQ were not just interested in hard drives nor did they destroy whole devices. An examination of the targeted hardware by Privacy International, with cooperation from the Guardian, has found the whole episode to be more troubling and puzzling than previously believed.

During our investigation, we were surprised to learn that a few very specific components on devices, such as the keyboard, trackpad and monitor, were targeted along with apparently trivial chips on the main boards of laptops and desktops. Initial consultation with members of the technology community supported our identification of the components and that the actions of GCHQ were worth analyzing further.

In other words, GCHQ weren't trying to destroy the data -- which they, like everyone else, knew was completely futile. They were interested in "apparently trivial chips on the main boards of laptops and desktops." Specifically, these were the keyboard controller chip, the trackpad controller chip and the inverting converter chip. Privacy International provides more details:

From our analysis, we believe the targeted component of the keyboard is the keyboard encoder responsible for communicating over the USB and interpreting key presses on its various I/O pins.

...

We believe the targeted [trackpad] component is a serial flash chip that may perform a similar function to the keyboard controller also targeted. It is noteworthy that the device in question uses the controller board on the trackpad to also connect the keyboard to the main device.

...

The final component is an inverting converter, again used on the Apple MacBook Air systems.

Just over a year ago, only the most paranoid would have worried about the fact that the GCHQ sent two people to destroy these seemingly trivial components. But in the wake of Snowden's revelations about the astonishing range of technologies that the NSA has developed in order to infiltrate hardware systems -- things like radio transmitters built into USB leads -- the GCHQ's actions immediately raise a troubling thought: that most or all mainstream computers routinely contain various components that can be used to spy on us. As Privacy International concludes:

We will continue to explore the rest of the chips destroyed by GCHQ. We welcome any thoughts from individuals who have an understanding of these components and what their storage capabilities are, and for what purposes. We hope to achieve some much needed transparency about what our devices do and how the unseen components on the inside might betray our privacy.

Honestly, at this point, I would not be surprised in the slightest. And two years ago, I would have probably only written it off as tinfoil hat insanity. It's amazing how much your perspective and understanding of the depths governments will sink to can change over that short a span of time.

Re:

Ha ha... at least you are learning, now that you understand that 2 years ago you were part of the problem.

You see... people should always pay attention to the tinfoil hatters... why?

Because there should only be 1 default position that should be taken when viewing the Government... any Government!

One of DISTRUST... if you trust your government, please do the world a favor and end your public participation in elections as you are no longer fit to vote with any degree of intellectual capacity.

what's the n?

I'm glad that Privacy International noted the odd pattern; however, I'm withholding judgement until some real hardware wonks weigh in. Further, is it clear that they targeted these chips, or could they have taken them out at random? How many boards did they destroy and did they exhibit the same pattern? (Yes, I do like statistics and want to know "n").

Wait unless they are using interdiction tactics. Why would they destroy the Guardian's hardware specifically if the bugging devices exist on all hardware of the same model? Can't you just look at any old MacBook Air to see if they are bugged by design?

The interdiction explanation would make more sense? Putting the bug on every single model would increase risk of discovery of secret bugging tech.

You could probably record keystrokes if you install some mechanism in the keyboard or in the computer as a whole so yes it is an important point raised.

I kept wondering about what would be the purpose here. If the destruction of such key components is confirmed it could mean that they were somehow compromised and used to get info from the computer. If not it could mean they contained info that would be extracted later. Damned if destroyed, damned if not destroyed. And given that the most wild conspiracy theories have been proven right regularly lately... Well, shit.

Re:

Why would they destroy the Guardian's hardware specifically if the bugging devices exist on all hardware of the same model?

Modern hardware, such as what we're talking about here, isn't strictly "hardware" - it also contains software or firmware. I don't have specs, but they could be talking about EEPROM chips - a type of reprogrammable chips that can be updated with a different version of firmware. http://en.wikipedia.org/wiki/EEPROM

Why would that matter here? I can see 2 reasons. 1) They had somehow compromised those systems and were concerned about being found out. 2) They wanted to force purchase/replacement of new devices that could be compromised. #2 becomes more likely when you think about the recent revelations of intercepting shipments and bugging them.

Re:

At times the tinfoil hat people are proven right.

My 92 year old grandfather would have died middle aged if he weren't a tinfoil hat with his fear of asbestos, before it was proven to be dangerous.

He worked in a career that required someone to use it, and the company paid bonus money to whoever used it. My grandfather never took the bonus money despite being poor, his brother always took the bonus money. His brother died middle aged of asbestos related illness.

Re: Re:

Yep I hope they sent some one to a distant Apple store to get a new machine off the shelf. Perhaps ordering one from the factory to have the hardware boffins check out for weirdness would be enlightening.

Personal Computers Come With NSA Surveillance Devices Built-In

I can believe that Intel, Motorola, AMD, etc. have all been visited by "the men in black" to insist that some change to the microprocessor itself has been done to ensure that the various "security" (snoop) agencies can gain access. And since none of them are talking it's almost guaranteed!

Stuck in Shanghai

Watching my laptop delivery from China progress on Company A's website, I wondered "what kind of interesting things could be installed during the two days it appeared to be sitting in the Shanghai Airport?"

I'm nobody important, but it seems pretty easy for every government to divert and tamper with stuff. Too easy.

Re: Stuck in Shanghai

it seems pretty easy for every government to divert and tamper with stuff

It is easy small-scale, but as an operation like that scaled up, it would be prohibitively expensive for most countries pretty quickly. It's one thing to hide it in the US budget, but I think many countries would find it difficult to intercept packages indiscriminately to modify the contents.

Re: Personal Computers Come With NSA Surveillance Devices Built-In

Don't most chip makers get their chips made in a very small number of factories in China? Hell, don't Samsung and Apple get their chips made in the same building? The MIB wouldn't have to visit each manufacturer, they just have to visit the factories.

It's possible, but unlikely. The cost of the chips would double or triple. These factories make their money from selling massive amounts of chips with low margin. They wouldn't be able to pay for the extra parts needed, or be able to afford making the original part that much smaller.

Re:

I suspect the problem isn't what the GCHQ or NSA had done to that specific laptop, but what other agency may have done to it.

Once the laptop was revealed to have been used to transport/view the sensitive documents, the GCHQ and NSA needed to make sure it was destroyed lest some other agency, government, or otherwise nefarious character could obtain and/or extract information that may have been captured by the specific chips they targeted.

IOW, protecting their ass - they probably felt those specific chips *could* have been compromised, so best destroy them to be safe.

Re: Re:

"You see... people should always pay attention to the tinfoil hatters."

So, Bush is a lizard alien from outer space who also orchestrated 9/11. The government is trying to control our minds with con-trails, radio waves, and deodorant. Cell phones do cause cancer. Microwaves cause cancer. Power lines cause cancer. Moonlight causes cancer. Vaccines cause autism. We never went to the Moon. Feel free to chime in, I'm sure I've missed quite a few.

Basically I'm saying that the Tinfoil hatters get it wrong far more often than they get it right. Bring us proof, bring us facts and we will believe, as has been proven with the Snowden documents.

Re: Re:

Hmm. I was thinking along those lines too, but it could be any number of things.

You know how people in government weren't allowed to read the published Snowden documents because they were technically still classified, and they weren't allowed to have classified material on an insufficiently protected device?

Maybe it's something similar here. They couldn't leave classified documents on a rather insecure government tracking device, so regulations said they had to go destroy the device.

Looking at the specific chips destroyed, most of them look like controllers for various interfaces, such as keyboard, and so on. These are often simple low-spec microcontrollers, like an ARM based M0 and that sort of thing. These have non-volatile memory as a component, and are capable of holding data even when powered off, and, depending on the firmware and function, may buffer things like keystrokes, data from a hard drive, or data being sent to an LCD monitor. So, it could simply be that the thugs from GCHQ, or whoever gave them "how to destroy a computer" instructions, are simply being thorough in wiping out anything which could potentially hold even a tiny fragment of data that was on that computer.

However, we already have the precedent of phone companies being forced to turn over their call data for their entire customer base, on an ongoing basis, while also being told they had to keep it secret.

Once the government starts going down the road of secretly telling companies what they have to do, it's hard to say that they haven't gone further down it. Who's to say they never told components manufacturers that they had to include one particular extra chip in their devices, and that they had to keep it secret? Maybe FISA approved it with the provision that they could only "target" foreigners or terrorists, even as it was collecting information from every newer computer on the planet.

Of course, I don't think it's quite on that scale. If every device was compromised, someone would notice - there are plenty of people out there that could tell that something wasn't right. But you could certainly get some devices at a particular location like a newspaper.

Ok, that just provided a scary thought. What if it's not GCHQ/NSA have something on those systems. What if they know about something China placed on the chips that GCHQ/NSA know about but don't mention to the public because they are taking advantage of it too, and/or don't stop so as not to tip off to China that they know about it. They may then be destroying those chips because those computers had sensitive info on them at one point and want to prevent that info from being able to be spread by whatever is wrong with those chips?

Re: Re: Re:

Let me help you out.

Anything can be disproved if you only pay attention to the exceptions.

Paying attention should always be done... just long enough to hear them out. Paying attention does not mean you need to drink the Kool-Aid. However, ignoring them could get you a nice sting in the back, not from them necessarily, but from those they warned you against.

Bush being a lizard alien from space? Okay, probably safe to ignore. Bush Orchestrated 9/11? After being in office only a few months... hard to believe on top of all the people that would be needed to keep that secret. However, just because they didn't cause it, does not mean some coverup was not going on to protect arses, ya know the type of activity that builds suspicion. There is a reason to at least look, if for nothing else than to help reduce corruption and bullshit.

Microwaves/Powerlines causing cancer: (Worth the research, regardless of True/False) Look how long it took to finally make it public how nasty Tylenol is on the liver.

Vaccines cause autism? I am sure this has happened but would be an edge case. Medicine causes all sorts of shit to happen to the body. Vaccination effectiveness has already proven its value, but if we can still improve it, then why not try? Even if surrounded by crazy people.

Not sure how many you have missed, but the default ignore mode many seem to have is why this nation is in the pile of shit we keep getting into.

Maybe you could instead look at all of the time tinfoil hatters were right, or do you have that foolish blind trust in government and people that many do?

Re: Re: Re: Re:

Roughly speaking (and if we're talking about a 12-hour watch), if the working watch is running slow it will be right less often than twice per day, if it's running fast, then more often. But in either case, it will be exactly right every so often.

Indeed, maybe they were, as you say, taking advantage of someone else's secret work. But what they wanted to do was look at the secret keylogger data in some inexpensive chip to see what else had been typed by the PC's owner. Tinfoil Hat: Maybe there is some non obvious, secret way to get some fifty cent chip to cough up this secretly recorded data.

Well, the chip on the touchpad is easy; that's a 2Mb flash device. It would be possible to write a software program to save a document onto that device (i.e. in order to hide it).

The EC (embedded/keyboard controller) will almost certainly have onboard storage, so you could probably hide a document there (if you knew how to write code for the EC). Can't tell specifics about that part since it's blacked out by the manufacturer. The ones that my company use could be programmed to do that for sure.

The inverter is harder to understand, though. The LT3957 has no onboard storage at all; it's configured by external components only; (here's the datasheet: http://cds.linear.com/docs/en/datasheet/3957f.pdf). I don't see how it could be used to conceal anything.

Chips altered?

I think it would be much easier to modify the UEFI (the successor to the BIOS -- the software that lets your operating system communicate with the hardware on your computer) so that it sends out small (or even large) amounts of data to a set ip address. While I haven't gone through the code, the UEFI is quite large and could accommodate spying on the operations in OS. Moreover, the OS would probably not be able to detect everything that the UEFI is doing. In short, this makes me suspicious of it. But if you are running older hardware (anything before Windows 8), the BIOS is too small to handle code that would spy on anyone.

Re:

"I don't see how it could be used to conceal anything."

Since we're all engaging in completely wild and evidence-free speculation, I'll chime in on this...

In years past, there have been hardware-based exploits that take a chip that is innocuous -- such as the LT3957 -- and replace it with a chip that is outwardly identical, including the markings, but is actually programmable and has onboard storage. Something like this could be done here and you'd not be able to detect it on visual inspection. A really key question is what are these inverters wired to? It would have to be something that an interesting bitstream passes through.

Re: Wishful thinking:

3D printing won't be able to make chips in the foreseeable future. You really need lithography to do it (not to mention all kinds of other expensive infrastructure such as a clean room, chemical baths, etc.)

Re: Re:

It matters because only a relatively tiny number of systems can be subverted through interdiction. Theoretically, all systems could be subverted if the subversion is built into the manufacturing process.

Re: Chips altered?

The modified UEFI would need to be signed. The computer as shipped would need to trust the signature used to sign the modified UEFI.

Either:

1. The computer would trust an additional signature for signing the UEFI. (which raises questions)
2. The modified UEFI was signed by Microsoft's signature, using signing keys provided by Microsoft either willingly or unwillingly.
3. Whoever modified the UEFI used stolen keys to sign it with Microsoft's signature.
4. The TPM chip and related hardware is compromised so that it will trust a firmware modified or signed in a certain way. Maybe it has an internal hidden key or certificate chain that it validates the modified UEFI, but doesn't show up on any list of installed signing keys it trusts.
5. Something else?

I don't know. It seems to me that if you could, on a very large scale, compromise some fifty cent part to also have flash memory and act as a secret keylogger, you would have a very powerful and secret tool. Now you just need to inspect / search / impound / seize / "destroy" the hardware to obtain this part and use some secret procedure to extract the keylogger data it contains.

Re: Re: Re: Wishful thinking:

You still need the lithography and clean rooms to fabricate those chips. But if you're willing to go to the technologies of yesteryear, then you can do that right now! CPU aside, you don't have to use large-scale ICs for anything -- you can assemble your own equivalent machinery using nothing but NAND gates if you like. Even the CPU is probably safe, if you're willing to go with something like a Z80, 8080, or 8085 equivalent -- all of which are still readily available (and cheap!)

Re: Re:

Well, I doubt Apple is gonna let us look at the schematics. You could figure it out if you had a board that you were willing to tear down. I would be very surprised to see anything like this being done. Apple would have to be in on it. And if Apple were in on it there would be a lot more (less expensive and more efficient) ways to compromise the system I would think.

Re: Re: Re: Re:

You're making a mistake in assuming that a person becomes a tinfoil hatter the second they make the outrageous claim. They don't. They become one once they make the claim and cannot back it up with verifiable proof. As I said, provide proof and people will believe (as has been proven by the Snowden thing).

The tinfoil hatters that originally claimed the government was watching everything you do on your computer had no proof. No proof or logic means they pulled that claim out of their asses. Just because the government has been proven to be doing something similar does not change the origin of the original claim, it does not mean they were right.

Re: Re: Re: Biological Effects of microwave radiation

This was a topic for engineering thesis work in the late 70's and early 80's. At that time there was various research from around the world (from various engineering sources) that had high indications that electromagnetic radiation from power frequencies on up had effects on biological systems. What was in dispute was how high the power levels had to be at the various frequencies to cause harmful effects. Certain research at the time had it at specific levels, whereas other research had it at 10 to 100 (or even 1000) times what was elsewhere reported. My conclusion at the time was that there was not enough unbiased research to find the actual facts of the matter.

One of the best brain surgeons in Australia makes it a point Not to use mobile phones near his own head based on the patients he has to deal with.

So make of it what you may.

Lizard aliens from outer space, I don't know about that, but we did have a lecturer that was unaffectionately known as "the lizard man" or Dr Lizard for his appearance and manner. Mind you we also had a lecturer affectionately known as Dr Death for his lecturing style (perfect monotone - completely unexpressive like a cadaver).

Re: Chips altered?

"But if you are running older hardware (anything before Windows 8), the BIOS is too small to handle code that would spy on anyone."

That's funny. Got any more?

I've got a PC from way before Windows 8 that has its own little Linux with a full network stack and browser baked right into the BIOS. It launches automatically to connect to online "support" if no bootable drives are found.

Re: Re:

Well, that's what I meant when I said Apple would have to be part of the plan; because the LT3957 doesn't have a data bus. So you couldn't just drop a "top secret" version onto the standard device pads and have it suddenly start doing magic things based on normal inputs. I suppose it could be possible to build one with a radio transceiver or something totally self contained. But if you were to actually HAVE such a top secret device that recorded or transmitted some type of valuable intel then the LAST thing you'd want to do would be to broadcast that fact by explicitly destroying one in a public manner like this.

I understand why they might want to disable any onboard storage devices. I just don't see this one as relevant. Maybe it was the rest of the circuit it was in that they were after. Would need to see the schematics to know.

Re: Re: Re: Re:

AN ALTERNATE THEORY

Well, here's an alternate theory for the LT3957 destruction. Wait for it.

The agents screwed up and stripped off the wrong part.

Why would I say that? Because if you flip the exact same board over onto the other side, about an inch and a half to the left of where the 3957 is located you see there a Macronix MX25L6406E 64Mb flash part right there. Here's a picture of the back side of the board:

So if the agents were getting instructions, say, over the phone, about how to disable this particular model's storage devices it would be possible to pull an oopsie and mistake the parts. Or maybe the instructions they had were for a different model or something and they just improvised. It makes a lot more sense to me that this could happen than why they'd need to remove a DC/DC converter/inverter from the board.

Re: Re: Re: Re: Biological Effects of microwave radiation

"One of the best brain surgeons in Australia makes it a point Not to use mobile phones near his own head based on the patients he has to deal with."

Well he is obviously an idiot. If microwave radiation from mobile phones caused cancer there would be an extremely high rate of cancer in the right hemisphere of the brain which there is not. Simple logic defeats the argument, should he really be operating on brains?

Re: what's the n?

They are more likely to have installed spyware than replace ICs on the mainboard.

Replacing the ICs with ones that look the same but behave differently would have disastrous effects on the software drivers that run the devices.

Add in to this the fact that each mainboard will have completely different chipsets based on model (not manufacturer) means that GCHQ would need a large FAB and all the production files for the chips and sufficient time to produce a run of each IC. Basically it is far easier and efficient to install spyware (most PCs come preloaded with the worth NSA friendly spyware anyway).

Re: Re: Re: Re: Re:

So somebody who says that it is a bad idea for a democratically elected government to wield secret powers because the lack of accountability to the public will lead to an escalation of abuse and probably already has, is a tin-foil hatter?

Because our government is surely made from superior beings who would all make excellent benevolent dictators in case we were not living in a constitutional republic where the reigning duopoly is getting approval rates like the Sozialistische Einheitspartei Deutschlands running the Stasi did. And the bit of pseudo-democracy people may exercise in order to keep the wool over their eyes has been rigged to keep it that way.

History would have quite a few counterexamples to the "this could not happen as we're the good guys" thesis, but then history was not able to rely on the morally superior race Americans have been created from, people who had to leave Europe because the lesser beings there could not abide their moral superiority.

Tinfoil hatters, all of them, who doubt that Americans are better than everybody in history.

Re: Re: Re: Re: Re:

The real problem is that the expression 'conspiracy theorist' was manipulated to mean batshit crazy tinfoil hat wearing idiots talking all sort of unfounded paranoid nonsense.

I don't think it's incidental. Now anyone who doesn't believe the official story is labeled a conspiracy theorist (correctly), which means most people discredit him without listening or considering what he actually says.

Re: Re: Re: Re: Biological Effects of microwave radiation

The USSR banned microwave ovens in 1976, just search with such term "USSR banned microwave ovens" and you'll see it's not bullshit. And everything was government-made, so there was no reason to continue selling something dangerous like in our awesome free-trade society.

Re: ARM coprocessor

In the case of the Intel chips that include this capability (I work with these chips in my job), it's not quite as scary as it sounds. First, it's only certain Intel chips that are value-add: you pay extra to get those. It's not in every chip. Also, the functionality is disabled until you perform some setup (including installing certs for entities that are allowed to control the machine).

Re: Re: Re: Re: Re: Biological Effects of microwave radiation

Since he has to deal with tumours in the brain of each of his patients, one would expect him to have more of a clue than you. The point is that what he may well be seeing is a portion of the population that are particularly susceptible to such electromagnetic radiation.

The whole point is that we actually do not know what are the limits and what are the indicators of susceptibility. Some people react badly to particular medicines while others are beneficially affected and others still for which the medicines have no effect at all.

The problem today is that the research methodologies in use are somewhat lacking in extensiveness. Many years ago, I was reading a research paper produced in relation to overhead power lines and lensing of solar radiation (you know one of those wacko beliefs out there). During the test period, the engineering researchers found no such lensing effects. However, at the conclusion of the tests and experiments, as they were packing up, one member picked up one of the test devices, which had not been powered down, and turned 90 degrees as he did so. He noticed that the readings on the test device jumped up from 0 to a significant value. This led the team to restart some of the tests and they reported finding that there was a polarisation of radiation found and surprisingly an actual lensing effect was observed.

They concluded that further tests should be undertaken to determine the exact processes occurring.

The observations I have made over the years is that extensive unbiased tests have not been undertaken. Both sides of the argument need to come together to determine the range of effects and the range of susceptibilities that can occur.

Tinfoil hattery

We are talking about Guardian computers that have likely been some time in use before the Snowden story blew up. Why would those be bugged? And if they were, why wouldn't the NSA/CIA have gotten early warning?

No, I consider it much more likely that those computers were destroyed just for the sake of destroying them.

Because where the Guardian should be really looking for tampering is in the replacements it needed because of the destruction. What's its supply chain? Because you can bet that anything even remotely predictable will now have the GCHQ's fingerprints all over it.